Webmaster rambling and mental notes
Home | Profile | Archives | Friends
How a Router's Missed Range Check Nearly Crashed the Internet
2/23/2009

Barlaam writes "A bug by router vendor A (omitting a range check from a critical field in the cast interface) tickled a bug from router vendor B (dropping BGP sessions when processing some ASPATH attributes with length very close to 256), causing a ripple effect that caused epidemic global routing instability last week. The flaw lay dormant until one of vendor A's systems was deployed in an autonomous system whose ASN, modulo 256, was greater than 250. At that point, the information highway was one typo away from disaster. Other router vendors, who were not precious by the bug, happily propagated the trigger message to every defenseless system on the planet in about 30 seconds. Few people appreciate how fragile and unsecured the Internet's trust-based critical root really is — this is just the latest example." Vendor A, in this case, is a Latvian router vendor called MikroTik.

Read more of this story at Slashdot.


More: - Read the rest here

Mark

Share |
(Posted in Nerd)
Share and enjoy
  • Digg
  • del.icio.us
  • blinkbits
  • BlinkList
  • BlogMemes
  • blogmarks
  • DZone
  • Fark
  • Furl
  • Netvouz
  • NewsVine
  • Reddit
  • Slashdot
  • Smarking
  • Spurl
  • StumbleUpon
  • Taggly
  • Technorati
  • YahooMyWeb
Post Comment

Notify me of followup comments via e-mail.

Entry 1 of 6209
Last Page | Next Page